[WIP] Make master node work #70
Cool you made the master access work. How do you want to roll with this? The abstraction issues should at least be tracked in our boards as well as the TODOs and then we should continue working there. How is your roadmap with this?
Requires=k8s-setup-network-env.service | ||
After=k8s-setup-network-env.service | ||
Requires=k8s-setup-network-env.service decrypt-tls-assets.service | ||
After=k8s-setup-network-env.service decrypt-tls-assets.service |
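Review bot: The Requires= line that names decrypt-tls-assets.service makes this unit refuse to start wherever that unit is absent or fails, which ties the shared template to one provider. The ordering is still worth enforcing so the unit never starts before the TLS assets are decrypted, but it can be declared from the other side: give decrypt-tls-assets.service a Before= entry for this unit plus RequiredBy= in its [Install] section, and leave these two lines naming only k8s-setup-network-env.service.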
decrypt-tls-assets.service is AWS specific, right? This does not work that way when we want to have the cloud config manager being abstracted. The dependency statements probably can be the other way around so that we do not pollute the cloud config.
Yep, this is just a temporary hack because for some reason my decrypt-tls-assets.service wasn't starting.
It's not the proper way to solve it but I'll look at it tomorrow.
ExecStop=/opt/bin/calicoctl node stop --force | ||
ExecStopPost=/bin/bash -c "find /tmp/ -name '_MEI*' | xargs -I {} rm -rf {}" | ||
ExecStopPost=/bin/bash -c "/opt/bin/calicoctl bgp peer remove $(echo ${BRIDGE_IP} | cut -d'.' -f1-3).0" | ||
ExecStopPost=/usr/bin/etcdctl --endpoints=http://127.0.0.1:2383 rm /calico/v1/host/{{.Node.Hostname}}-flannel/bird_ip |
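Review bot: In the ExecStopPost line that pipes find /tmp/ -name '_MEI*' into xargs -I {} rm -rf {}, xargs re-parses the names that find prints, so a path under the world-writable /tmp that contains a newline or a quote is split or rejected, and rm -rf can end up acting on a different path than the one find matched. Letting find perform the deletion avoids the re-parsing, for example find /tmp -maxdepth 1 -name '_MEI*' -exec rm -rf -- {} + (the -maxdepth 1 assumes the _MEI* directories sit directly under /tmp).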
I am not certain but this is maybe necessary for making the guest clusters created by the KVM operator work. So this should be abstracted then.
Agreed.
My plan is:
Ok cool. I think it would make sense to derive upcoming feature branches for further changes from this branch and merge into here first. Then we see the TODOs missing and do not pollute master. Would that work?
That works for me, although keep in mind that most of the changes I make here are in I think deriving workers' cloudconfig changes from this branch makes sense so we can have a branch that has both master and workers.
Please don't delete the branch
This adds a working configuration for a master node.
Caveats
vendor directory.
k8s.cluster.giantswarm.io to /etc/hosts pointing to 127.0.0.1 and we use ports 6443 (k8s secure) and 2379 (etcd) instead of 443 because we don't have the ingress controllers set up.
Testing
You need to issue some certificates using certctl with "CN=*.cluster.giantswarm.io" for the apiserver, etcd and calico and put them in a directory to pass them to the operator:
Then, you can start the test "cluster" (only one master):
On your host, you can add the IP of the instance to /etc/hosts:
Then you can create a kubeconfig similar to this:
After that you should have a working kubectl:
Pods can't be scheduled because we need workers for that.